Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw.

vulnerability CVE-2024-27322

Privileged access management (PAM) solutions provider Delinea over the weekend scrambled to patch a critical vulnerability after it apparently ignored a researcher who attempted to responsibly disclose the issue for weeks.

On April 12, Delinea informed customers that it had started investigating a “security incident” and that there may be some service disruptions. 

The next day, the company clarified that it had become aware of a critical authentication bypass vulnerability in the Secret Server SOAP API. Delinea initially prevented exploitation by blocking the impacted SOAP endpoints for Secret Server Cloud customers. In addition, it released indicators of compromise (IoCs) to enable customers to detect potential exploitation attempts. 

Later in the day, Delinea announced releasing patches for both Delinea Platform and Secret Server Cloud. On April 14, the company announced patches for Secret Server On-Premises. 

Technical details of the vulnerability along with proof-of-concept (PoC) code were made public on April 12 in a Medium post by researcher Johnny Yu.

Yu said he had been trying to responsibly disclose his findings to Delinea since February 12, including through the CERT Coordination Center at Carnegie Mellon University, but without success. Based on Yu’s disclosure timeline, Delinea ignored nearly all communication attempts.

A CVE identifier has yet to be assigned.

SecurityWeek has reached out to Delinea for comment, but the company has not shared any clarifications on the botched disclosure process. 

Advertisement. Scroll to continue reading.

“Delinea Platform and Secret Server Cloud have been updated, and we are working closely with on-premise customers with direct remediation steps. Our Engineering and Security teams have conducted reviews for any evidence of compromised tenant data,” Delinea said in an emailed statement. 

“At this time, we have found no evidence that any customer’s data has been compromised and no attempts to exploit the vulnerability have occurred on Delinea Platform and Secret Server Cloud. Our customer’s security is always a priority and we will continue to monitor this situation and provide updates to customers at trust.delinea.com,” it added.

Related: Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge

Related: Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

Related: Magento Vulnerability Exploited to Deploy Persistent Backdoor

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights